Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL
HistoryApr 19, 2019 - 12:00 a.m.

Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)

2019-04-1900:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities:

  • A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  • A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763).

  • A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.
    (CVE-2018-19362)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(124170);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2016-1000031",
    "CVE-2017-9798",
    "CVE-2018-8034",
    "CVE-2018-11763",
    "CVE-2018-11784",
    "CVE-2018-19360",
    "CVE-2018-19361",
    "CVE-2018-19362"
  );
  script_bugtraq_id(
    93604,
    100872,
    104895,
    105414,
    105524
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera
Unifier installation running on the remote web server is 16.x prior to
16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, 
therefore, affected by multiple vulnerabilities:

  - A deserialization vulnerability in Apache Commons
    FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  - A denial of service (DoS) vulnerability exists in
    Apache HTTP Server 2.4.17 to 2.4.34, due to a design
    error. An unauthenticated, remote attacker can
    exploit this issue by sending continuous, large
    SETTINGS frames to cause a client to occupy a
    connection, server thread and CPU time without any
    connection timeout coming to effect. This affects
    only HTTP/2 connections. A possible mitigation is to
    not enable the h2 protocol. (CVE-2018-11763).

  - A deserialization vulnerability in jackson-databind, a
    fast and powerful JSON library for Java, allows an
    unauthenticated user to perform code execution. The
    issue was resolved by extending the blacklist and
    blocking more classes from polymorphic deserialization.
    (CVE-2018-19362)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Unifier version 16.2.15.7 / 17.12.10 / 18.8.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_unifier");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_unifier.nbin");
  script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
  script_require_ports("Services/www", 8002);

  exit(0);
}

include("http.inc");
include("vcf.inc");

get_install_count(app_name:"Oracle Primavera Unifier", exit_if_zero:TRUE);

port = get_http_port(default:8002);
get_kb_item_or_exit("www/weblogic/" + port + "/installed");

app_info = vcf::get_app_info(app:"Oracle Primavera Unifier", port:port);

vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [
  { "min_version" : "16.1.0.0", "fixed_version" : "16.2.15.7" },
  { "min_version" : "17.7.0.0", "fixed_version" : "17.12.10" },
  { "min_version" : "18.8.0.0", "fixed_version" : "18.8.6" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleprimavera_unifiercpe:/a:oracle:primavera_unifier

Related

nessus 28
ibm 61
redhat 8
osv 14
almalinux 1
rocky 1
oraclelinux 2
mageia 1
openvas 17
prion 6
atlassian 4
freebsd 1
symantec 2
redhatcve 4
github 5
debiancve 5
cve 5
fedora 2
f5 3
checkpoint_advisories 3
cisa 1
ubuntucve 5
cisco 1
zdi 1
debian 3
suse 3
veracode 5
nuclei 1
tomcat 1
ubuntu 1
amazon 1
zdt 1
packetstorm 1
centos 1
nessus
nessus
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)
2019-04-19 00:00:00
Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)
2019-07-19 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2019 CPU)
2019-04-23 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019, updated)
2019-03-01 00:05:02
Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873)
2019-03-05 09:30:01
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034)
2019-02-04 13:05:02
redhat
redhat
(RHSA-2019:0131) Moderate: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update
2019-01-22 13:28:13
(RHSA-2019:0130) Moderate: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update
2019-01-22 13:28:08
(RHSA-2020:2564) Important: EAP Continuous Delivery Technical Preview Release 16 security update
2020-06-15 16:12:30
osv
osv
Important: pki-deps:10.6 security update
2019-06-18 16:36:21
Important: pki-deps:10.6 security update
2019-06-18 16:36:21
Improper Access Control in commons-fileupload
2018-12-21 17:51:51
almalinux
almalinux
Important: pki-deps:10.6 security update
2019-06-18 16:36:21
rocky
rocky
pki-deps:10.6 security update
2019-06-18 16:36:21
oraclelinux
oraclelinux
pki-deps:10.6 security update
2019-07-30 00:00:00
tomcat security, bug fix, and enhancement update
2019-08-13 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2018-12-10 00:20:39
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0479)
2022-01-28 00:00:00
openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)
2019-05-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1212-1)
2021-06-09 00:00:00
prion
prion
Remote code execution
2016-10-25 14:29:00
Deserialization of untrusted data
2019-01-02 18:29:00
Deserialization of untrusted data
2019-01-02 18:29:00
atlassian
atlassian
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 22:03:17
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 22:03:17
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 21:59:23
freebsd
freebsd
Axis2 -- Security vulnerability on dependency Apache Commons FileUpload
2016-11-14 00:00:00
symantec
symantec
FasterXML Jackson-databind Deserialization Multiple Remote Code Execution Vulnerabilities
2019-01-02 00:00:00
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2016-10-17 00:00:00
redhatcve
redhatcve
CVE-2018-19362
2020-04-09 12:07:42
CVE-2018-19360
2020-04-09 07:12:14
CVE-2018-19361
2021-08-22 13:06:10
github
github
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
2019-01-04 19:07:03
Improper Access Control in commons-fileupload
2018-12-21 17:51:51
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
2019-01-04 19:06:57
debiancve
debiancve
CVE-2018-19361
2019-01-02 18:29:00
CVE-2016-1000031
2016-10-25 14:29:00
CVE-2018-11784
2018-10-04 13:29:00
cve
cve
CVE-2016-1000031
2016-10-25 14:29:00
CVE-2018-19360
2019-01-02 18:29:00
CVE-2018-19361
2019-01-02 18:29:00
fedora
fedora
[SECURITY] Fedora 28 Update: tomcat-8.5.35-1.fc28
2019-04-03 02:02:31
[SECURITY] Fedora 29 Update: tomcat-9.0.13-1.fc29
2019-02-13 02:48:13
f5
f5
K25206238 : Apache Commons FileUpload vulnerability CVE-2016-1000031
2018-04-02 00:00:00
K64921482 : Apache Tomcat vulnerability CVE-2018-11784
2018-10-25 00:00:00
K34468163 : Apache Tomcat vulnerability CVE-2018-8034
2018-09-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2016-1000031)
2018-11-07 00:00:00
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
2019-02-14 00:00:00
Apache Tomcat Default Servlet Open Redirect (CVE-2018-11784)
2019-02-19 00:00:00
cisa
cisa
Apache Releases Security Advisory for Apache Struts
2018-11-05 00:00:00
ubuntucve
ubuntucve
CVE-2016-1000031
2016-10-25 00:00:00
CVE-2018-19362
2019-01-02 00:00:00
CVE-2018-8034
2018-07-24 00:00:00
cisco
cisco
Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018
2018-11-07 00:00:00
zdi
zdi
Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
2016-10-17 00:00:00
debian
debian
[SECURITY] [DLA 1703-1] jackson-databind security update
2019-03-04 12:13:19
[SECURITY] [DLA 1453-1] tomcat7 security update
2018-07-30 01:43:50
[SECURITY] [DLA 1544-1] tomcat7 security update
2018-10-14 20:43:08
suse
suse
Security update for jakarta-commons-fileupload (important)
2019-05-15 00:00:00
Security update for tomcat (moderate)
2018-10-25 18:22:29
Security update for tomcat (moderate)
2018-12-08 00:21:25
veracode
veracode
Insecure Defaults
2018-07-23 05:27:23
Open Redirection
2018-10-04 09:06:12
Open Redirection
2019-01-15 09:25:50
nuclei
nuclei
Apache Tomcat - Open Redirect
2021-03-18 16:22:01
tomcat
tomcat
Fixed in Apache Tomcat 7.0.90
2018-07-07 00:00:00
ubuntu
ubuntu
Tomcat vulnerability
2018-10-10 00:00:00
amazon
amazon
Medium: tomcat7
2018-11-05 19:35:00
zdt
zdt
Apache Tomcat 9.0.0.M1 - Open Redirect Vulnerability
2021-07-13 00:00:00
packetstorm
packetstorm
Apache Tomcat 9.0.0M1 Open Redirect
2021-07-11 00:00:00
centos
centos
tomcat security update
2019-03-19 14:33:17
JSON
Related for ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL
nessus28ibm61redhat8osv14almalinux1rocky1oraclelinux2mageia1openvas17prion6atlassian4freebsd1symantec2redhatcve4github5debiancve5cve5fedora2f53checkpoint_advisories3cisa1ubuntucve5cisco1zdi1debian3suse3veracode5nuclei1tomcat1ubuntu1amazon1zdt1packetstorm1centos1